Hi Markt,

Sorry, I did not include this since I'm using standard in release (1.1.33). I know of the more recent releases, but I can't just update (production), and in the release notes I did not find anything that might help.

Thanks,
Harrie

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday 13 January 2016 20:59
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Client TLS 1.2 error for APR

On 13/01/2016 18:36, Harrie Robins wrote:
> Hi!
>
> I'm running Tomcat 7.0.65 with APR connector over port 443.

Tomcat version - tick
Connector config - tick
Tomcat-Native version ... ?

Mark

> I'm experiencing trouble with users that connect with IE11 over SSL.
> Connecting and browsing works fine, but sometimes a white screen with
> this error pops up. Once they disable TLS 1.2 everything works fine:
>
> This page can't be displayed
>
> Turn on TLS 1.0, TLS1.1 and TLS 1.2 in Advanced settings and try
> connecting to https://sub.example.com again. If this error persists,
> contact your site administrator.
>
> Right now I'm using SHA-2 encryption (we moved from SHA-1) with A+
> rating on SSLLabs, without any errors.
>
> Server.xml configuration. Ciphers following latest intermediate from
> Mozilla openssl config:
>
> <Connector port="443"
>     protocol="org.apache.coyote.http11.Http11AprProtocol"
>     connectionTimeout="6000"
>     maxThreads="500"
>     maxKeepAliveRequests="-1"
>     acceptCount="200"
>     SSLEnabled="true"
>     scheme="https"
>     secure="true"
>     clientAuth="false"
>     enableLookups="false"
>     SSLCertificateFile="C:\server\ssl\server.crt"
>     SSLCertificateKeyFile="C: \server\ssl\private.key"
>     SSLCACertificateFile="C: \server\ssl\intermediate.crt"
>     SSLPassword="passw"
>     SSLProtocol="all -SSLv2-SSLv3"
>     SSLHonorCipherOrder="true"
>     SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DHE:!EDH"
> />
>
> Does anyone have a pointer about what could be wrong with this
> configuration?
>
> Kind regards,
>
> Harrie

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org